Anthropic Disputes Claude Fable 5 Jailbreak Claims After Pliny Posts Alleged Bypass
8 min. read 
Published on
Anthropic is disputing claims that its new Claude Fable 5 model was jailbroken shortly after launch to generate harmful cybersecurity and chemistry-related content.
The claims came after Anthropic launched Claude Fable 5 and Claude Mythos 5 on June 9, 2026. Fable 5 is the public Mythos-class model, while Mythos 5 is a more restricted version for approved users in high-trust settings.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
Researcher Pliny the Liberator claimed to bypass Fable 5’s safeguards through multi-agent prompting and later published what he described as the model’s internal system prompt. Anthropic has not confirmed the authenticity of that prompt, and the company says the posted examples do not prove a real jailbreak of its core safety systems.
Fable 5 Uses Classifiers for High-Risk Requests
Fable 5 and Mythos 5 share the same underlying capabilities, but Fable 5 includes additional safeguards for high-risk domains. Anthropic says those safeguards cover areas such as offensive cybersecurity, biological and chemical misuse, and model distillation.
According to Anthropic’s developer documentation, Fable 5 can decline certain requests through classifier-based refusals. Developers are also told to plan for refusal handling, fallback options, and billing behavior when using the model through the API.
That architecture is different from a simple chatbot refusal. Anthropic says the strongest protections run through independent classifier systems that operate separately from the model’s conversational behavior.
| Item | Details |
|---|---|
| Model | Claude Fable 5 |
| Developer | Anthropic |
| Launch date | June 9, 2026 |
| Model class | Mythos-class |
| Restricted counterpart | Claude Mythos 5 |
| Alleged issue | Jailbreak and claimed system prompt leak |
| Anthropic position | The posted examples do not show a real bypass of core safeguards |
Pliny Claimed a Multi-Agent Bypass
SecurityWeek reported that Pliny the Liberator claimed to have bypassed Fable 5 using sophisticated multi-agent prompting methods. The reported claim involved sensitive cyber and chemistry topics, but the available public evidence remains disputed.
The alleged methods included long-context framing, document-style prompts, Unicode substitutions, narrative framing, and breaking sensitive requests into smaller pieces. This article does not reproduce the harmful technical outputs or operational steps described in screenshots.
Pliny also posted what he described as an internal Fable 5 system prompt. The file reportedly described behavior rules, refusal logic, safety classifiers, fallback behavior, and tone guidance, but Anthropic has not publicly confirmed that the file is genuine or complete.
Anthropic Says the Posts Did Not Prove a Real Jailbreak
Anthropic rejected the strongest version of the claim. The company told SecurityWeek that a true jailbreak would need to bypass the model’s core safeguards and provide meaningful assistance toward high-risk activities.
Anthropic said some of the shared outputs were not generated by Fable 5, while other examples contained general information already available in public sources. The company also said it found no evidence that its strongest safeguards had been bypassed to generate genuinely dangerous content.
This distinction matters for security teams. A prompt that pushes a model past a conversational refusal is not the same as defeating an external safety classifier that blocks high-risk categories before the model completes a dangerous request.
Government Directive Turned the Dispute Into a Policy Fight
The controversy grew after Anthropic said the U.S. government ordered it to suspend access to Fable 5 and Mythos 5 for foreign nationals. In its access suspension statement, Anthropic said it had to remove access for all users to comply with the directive.
Anthropic said the government had provided only verbal evidence of a potential narrow, non-universal jailbreak. The company also argued that the described capability was not unique to Fable 5 and was already available from other frontier models.
The Verge reported that the dispute triggered emergency talks between Anthropic and U.S. officials, with the company arguing that the model was not uniquely dangerous compared with other advanced systems.
Why the Alleged Stack Exploit Output Matters
The most serious public allegation is that Fable 5 produced exploit guidance involving low-level software vulnerabilities. If true at a meaningful level, that would raise concerns for developers, cloud operators, and vulnerability researchers using advanced AI tools.
However, the available record does not show a confirmed universal jailbreak. Anthropic’s position is that the posted material did not demonstrate meaningful uplift toward sophisticated cyberattacks.
For defenders, the issue still matters because frontier models are increasingly useful for code review, vulnerability triage, exploitability assessment, and patch development. A model that helps defenders can also become a target for misuse testing.
Fable 5 Was Built for Long-Horizon Agentic Work
Anthropic described Fable 5 as its most capable widely released model for demanding reasoning and long-horizon agentic work. The model supports long context, large outputs, code execution, programmatic tool use, and agent-style workflows.
The launch post for Fable 5 and Mythos 5 said the models can work autonomously for longer than earlier Claude models and perform strongly in software engineering, knowledge work, vision, memory, and life sciences tasks.
Those same strengths make safety testing harder. A single-turn prompt test may miss risks that appear only across long conversations, multiple helper agents, file inputs, tool calls, and staged task decomposition.
System Prompt Leak Claims Remain Unconfirmed
System prompts can reveal how an AI product handles tools, refusals, policies, output style, safety routing, and product-specific behavior. That makes them attractive targets for jailbreak researchers.
The claimed Fable 5 prompt leak should still be treated carefully. Unofficial prompt dumps can be incomplete, modified, outdated, or mixed with content from other interfaces.
Anthropic has not publicly confirmed that Pliny’s posted prompt is authentic. Until that changes, the strongest confirmed facts are the public claim, Anthropic’s denial, and the later U.S. government directive based on a narrow jailbreak concern.
What Developers and Security Teams Should Take From This
The Fable 5 episode shows that AI safety controls must cover more than standard prompt injection tests. Modern frontier models can use long context, tools, subagents, and fallback flows, which gives researchers more paths to test.
Anthropic’s Fable 5 API guidance tells developers to handle refusals as normal successful responses rather than API errors. That means applications need to treat refusal, fallback, logging, and user messaging as part of their security design.
The controversy also highlights a policy problem. If regulators respond to narrow jailbreak claims by removing access to commercial models, AI vendors may face new uncertainty around releases, evaluations, and international availability.
- Anthropic launched Fable 5 as a public Mythos-class model with extra safeguards.
- Pliny the Liberator claimed to bypass those safeguards and leak a system prompt.
- Anthropic disputes that the shared examples show a real jailbreak of core safety systems.
- The U.S. government later ordered access restrictions tied to a narrow jailbreak concern.
- Anthropic removed access to Fable 5 and Mythos 5 for all users while complying with the order.
- The incident raises questions about model safety testing, agent workflows, and export controls.
The Bigger Issue Is How Frontier Models Are Evaluated
The Fable 5 dispute is not only about one alleged jailbreak. It reflects a larger problem for frontier AI evaluation, where safety teams must test prompts, agents, tool chains, long context, and real-world workflows together.
In its statement on the directive, Anthropic said the government should be able to block unsafe deployments through a transparent, fair, and technically grounded process. The company argued that the action against Fable 5 did not meet that standard.
The Verge’s account shows how quickly a technical jailbreak dispute can become a national security and export-control fight. For AI companies, the lesson is to publish clearer safety evidence. For customers, the lesson is to plan for sudden model access changes when using frontier systems in production.
FAQ
Claude Fable 5 is Anthropic’s public Mythos-class model. It shares the same underlying capabilities as Claude Mythos 5 but includes additional safety classifiers for high-risk areas such as offensive cybersecurity, biology, chemistry, and model distillation.
Pliny the Liberator claimed to jailbreak Claude Fable 5, but Anthropic disputes the claim. The company says the posted examples did not show a real bypass of its core classifier safeguards.
No. Anthropic has not publicly confirmed that the alleged Fable 5 system prompt leak is authentic, complete, or current.
Anthropic said the U.S. government issued an export-control directive requiring the company to suspend access to Fable 5 and Mythos 5 for foreign nationals. Anthropic removed access for all users to comply with the order.
Jailbreak claims matter because advanced models can help with vulnerability research, code review, and defensive security work. If safeguards fail in high-risk areas, the same capabilities can support misuse.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages